qnap

635 tracked vulnerabilities.

CVE-2025-62851 MEDIUM
Qnap Systems Inc. License Center < 1.9.56 - Path Traversal
Jun 10, 2026
CVSS 4.4
EPSS 0.00
CVE-2025-62850 HIGH
Qnap Systems Inc. QuTS Hero - Denial of Service
Jun 10, 2026
CVSS 7.2
EPSS 0.00
CVE-2025-66276 CRITICAL
QTS 4.3.x - NFS Access Control Misconfiguration
Jun 10, 2026
CVSS 9.8
EPSS 0.00
CVE-2025-62858 MEDIUM
QNAP Systems - QTS, QuTS Hero
Jun 09, 2026
CVSS 6.5
EPSS 0.00
CVE-2025-62846 MEDIUM
QNAP QuRouter < 2.6.2.007 - Local Admin SQL Injection
Mar 20, 2026
CVSS 6.7
EPSS 0.00
CVE-2025-62845 MEDIUM
QNAP QuRouter < 2.6.3.009 - Local Admin Control Sequence Injection
Mar 20, 2026
CVSS 6.7
EPSS 0.00
CVE-2025-62844 MEDIUM
QNAP QuRouter < 2.6.2.007 - Weak Authentication Information Disclosure
Mar 20, 2026
CVSS 5.5
EPSS 0.00
CVE-2025-62843 MEDIUM
QNAP QuRouter < 2.6.3.009 - Physical Endpoint Privilege Bypass
Mar 20, 2026
CVSS 6.8
EPSS 0.00
CVE-2025-59383 CRITICAL
Media Streaming Add-on < 500.1.1 - Stack-Based Buffer Overflow
Mar 20, 2026
CVSS 9.1
EPSS 0.00
CVE-2025-59388 CRITICAL
Hyper Data Protector <2.3.1.455 - Auth Bypass
Mar 12, 2026
CVSS 9.8
EPSS 0.00
CVE-2025-68406 MEDIUM
Qsync Central 5.0.0.0-5.0.0.3 - Authenticated Path Traversal
Feb 11, 2026
CVSS 6.5
EPSS 0.01
CVE-2025-66278 MEDIUM
File Station 5 <5.5.6.5190 - Path Traversal
Feb 11, 2026
CVSS 6.5
EPSS 0.00
CVE-2025-66277 CRITICAL
QNAP QTS and QuTS hero - Unauthenticated Path Traversal via Symbolic Link Following
Feb 11, 2026
CVSS 9.8
EPSS 0.01
CVE-2025-66274 MEDIUM
QNAP QuTS hero - Denial of Service via NULL Pointer Dereference
Feb 11, 2026
CVSS 4.9
EPSS 0.00
CVE-2025-62856 MEDIUM
QNAP File Station 5.5.6.4691-5.5.6.5190 - Authenticated Path Traversal
Feb 11, 2026
CVSS 4.4
EPSS 0.00
CVE-2025-62855 MEDIUM
QNAP File Station 5.5.6.4691-5.5.6.5190 - Authenticated Path Traversal
Feb 11, 2026
CVSS 4.4
EPSS 0.00
CVE-2025-62854 MEDIUM
QNAP File Station 5.5.6.4691-5.5.6.5190 - Authenticated Denial of Service
Feb 11, 2026
CVSS 6.5
EPSS 0.01
CVE-2025-62853 MEDIUM
QNAP File Station 5.5.6.4691-5.5.6.5165 - Authenticated Path Traversal
Feb 11, 2026
CVSS 6.5
EPSS 0.01
CVE-2025-59386 MEDIUM
QNAP QuTS hero - Denial of Service via NULL Pointer Dereference
Feb 11, 2026
CVSS 4.9
EPSS 0.00
CVE-2025-58472 MEDIUM
Qsync Central 5.0.0.0-5.0.0.3 - Authenticated Denial of Service via NULL Pointer Dereference
Feb 11, 2026
CVSS 4.9
EPSS 0.01
CVE-2025-58471 MEDIUM
Qsync Central 5.0.0.0-5.0.0.3 - Authenticated Denial of Service via Resource Exhaustion
Feb 11, 2026
CVSS 4.9
EPSS 0.00
CVE-2025-58470 MEDIUM
Qsync Central <5.0.0.4 - Path Traversal
Feb 11, 2026
CVSS 6.5
EPSS 0.01
CVE-2025-58467 MEDIUM
Qsync Central <5.0.0.4 - Path Traversal
Feb 11, 2026
CVSS 6.5
EPSS 0.00
CVE-2025-58466 MEDIUM
QNAP QTS and QuTS hero - Use of Uninitialized Variable
Feb 11, 2026
CVSS 4.9
EPSS 0.01
CVE-2025-57713 HIGH
File Station 5 <5.5.6.5166 - Info Disclosure
Feb 11, 2026
CVSS 7.5
EPSS 0.01